jasonD2
Level 7

Hips Traffic Logging

First, hopefully this is the right section, if not please feel free to move it to the correct section.

I searched for a thread already addressing this issue but couldn't find one.  If the question below has already been answered, a link would be greatly appreciated.

So we are trying to track a problem with a program, and can't install any additional software, so we are attempting to use the activity log traffic logging feature built into hips.  Thumbs up, by the way, for including this feature.  My problem is that the buffer appears too small; the event is happening around 5 minute increments, but the buffer seems too small to capture more than one or two events.  I found the event.log, which appears to have some of the information, but unfortunately doesn't appear to have a time stamp, which is a little baffling.

So my question(s):

1.  Is there a way to increase the buffer size of the traffic logging section?

if not.

2.  Is there a way to turn on logging, for just log all allowed, traffic?

if not.

3.  Is there a way to read or add additional information to the event.log file?

Thanks in advance,

Jason


Accepted Solutions
McAfee Employee

Re: Hips Traffic Logging

1.  Is there a way to increase the buffer size of the traffic logging section?

In the Host IPS General Client UI policy, Troubleshooting tab, increase the Activity Log size (MB) value.

2.  Is there a way to turn on logging, for just log all allowed, traffic?

In the Host IPS Client UI, Activity Log, enable the Log All Allowed option only.  This cannot be controlled via ePO policy.

3.  Is there a way to read or add additional information to the event.log file?

The event.log file is only meant to be read by the Host IPS Client UI, which is translated to the Activity Log, which can be exported to the McAfeeFireLog.txt file (which is the exported readable format of the event.log file) when you click on the Save option in the Client UI.

jasonD2
Level 7

Re: Hips Traffic Logging

Thanks a lot, Kary

hemantk
Level 12

Re: Hips Traffic Logging

Hello Kary.

May I know where I can get Firewall event logs in ePO queries? My HIPS client shows many Traffic logs, but I'm unable to find those from the ePO console.

McAfee Employee

Re: Hips Traffic Logging

Host IPS Firewall events (ALLOWED/BLOCKED) are not sent to ePO.  They reside only in the local HIPS Activity log in the Client UI.

hemantk
Level 12

Re: Hips Traffic Logging

But it has to be centralized, as we can't visit each system to get logs. It will be a time-consuming job.

Is there no other way to centralize?

McAfee Employee

Re: Hips Traffic Logging

Sorry, no.
